back to article Microsoft's XML 0-day fix expected in July Patch Tuesday

Microsoft is planning to release nine bulletins, three critical, as part of the July edition of its Patch Tuesday monthly update cycle. One of the three crucial advisories is expected* to offer patches for a serious XML Core Services vulnerability, disclosed but not fixed in June’s Patch Tuesday. This vulnerability has been …

COMMENTS

This topic is closed for new posts.
Anonymous Coward

What happened to

Your Patch Tuesday article for June?

There were quite a few patches last month too.

0
0
Go

Common theme, common prevention.

An attacker who successfully exploited this vulnerability could gain the same user rights as the logged on user.

[broken-record] Running as a non-admin would prevent anything exploiting this from breaking the OS. [/broken-record]

(I want to see a "nothing to see here, move along" icon.)

3
0
Flame

Except That

..all your Corporate Drone User Files (think weapons blueprints) might be shipped to Moldavia. Or Shenzen. Or Pyongyang.

Yeah, sandboxing should catch it, but only if there is a sandbox involved. Is your MS Office OOXML parser sandboxed ?? Not ? You better use a different account to view any external *docx or *xlsx.

What ? You braindead corpo policy forbids more than one account per drone ? Sorry, you and your files are stuffed.

0
2
FAIL

That's not an XML bug...

That's a Microsoft bug. Get your headlines right!

1
0
Bronze badge

Re: That's not an XML bug...

Umm, I read the title as being Microsoft's implementation being at fault, rather than XML per se. I can't really see where you got the Register blaming XML as a whole.

2
0

Have they re-issued the Browser Choice program?

It seems to have re-appeared on my Windows Update, but I haven't installed it. Given recent developments, how do I know it isn't teh vvrus?

In other news, my flaky Dell Latitude ST seems to be even flakier since I installed Opera 12.00. I've decided to run any novel web sites in Firefox instead. Teh Register seems to be able to make Opera crash my Dell. Maybe the new plugin handler...

0
0
Anonymous Coward

Re: Have they re-issued the Browser Choice program?

I've noticed that The Reg site sends my Opera browser at home to nigh on 100% CPU on Win7/64bit, but not at work on the same...

0
0
Anonymous Coward

"Zero day"?

Hardly a Zero Day vulnerability now if M$ disclosed it in June.

0
0
Devil

Microsoft....

Takes Asprin.

Removes OS and Software.

Installs Linux.

0
1
Childcatcher

As usual

Keep away from IE !

0
0
This topic is closed for new posts.

Forums